Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Comments
Teaming Up to Educate and Enable Better Defense Against Phishing
Newest First  |  Oldest First  |  Threaded View
RyanSepe
100%
0%
RyanSepe,
User Rank: Ninja
5/14/2015 | 8:44:08 AM
Re: 1,500 Phish a Month
Ah ok, thanks for clarifying. I would imagine pulling sites is based on a "level of integrity" basis. This makes much more sense, thanks again for elaborating.
RetiredUser
50%
50%
RetiredUser,
User Rank: Ninja
5/14/2015 | 8:39:37 AM
Re: 1,500 Phish a Month
I don't mean to call out a single site, but I happen to like OpenDNS who developed PhishTank.  I think the value in DBs like this is based upon the fact that data does rapidly change for phishing sites.  With a model like PhishTank where you can develop your own anti-phishing apps against an OpenDNS API, you can actually rapidly log and pull sites, cross-reference and protect with fairly high accuracy.  Nothing's perfect, of course.  Like any spam filter your phishing filter will have flaws, but as the DB, the data and the apps developed to use them mature, their usefulness will become much more clear. 
RyanSepe
50%
50%
RyanSepe,
User Rank: Ninja
5/14/2015 | 8:17:43 AM
Re: 1,500 Phish a Month
I'm interested in this statement, "I like projects like PhishTank where you can report suspected phishermen and slowly build a database of confirmed malicious emailers."


Could you elaborate more to the value this provides? It's very easy to change email addresses so I don't see how the database would be overly effective. The source could easily pivot and keep on going with the recipient database they have. Thanks,
RetiredUser
50%
50%
RetiredUser,
User Rank: Ninja
5/14/2015 | 2:41:02 AM
1,500 Phish a Month
Between all my email accounts, I've estimated that I get roughly 1,500 phish a month.  Mind you, this isn't junk mail - these are emails that contain verbiage and links designed to extract information, to get me to login to a site with a pretense that ideally will convince me to use credentials tied to my finances, etc.  

My way of dealing with this is simple.  I've built a dictionary that is a compilation of keywords and phrases culled from this monthly mountain of madness.  Line up with any number of individual keywords or phrases, and my filters are permanently deleting you, after logging a tick for your status as "another one of those..."

Of course, this is not what I want to do.  I'd rather respond back in kind, perhaps with a bit more venom in the response, and crush them at their own game.  Phish for my banking credentials, get hit with a virus in return.  Of course, the problem is even the most talented of InfoSec pros have a hard time tracing phish back to their home schools...

I like projects like PhishTank where you can report suspected phishermen and slowly build a database of confirmed malicious emailers.  It's not as glamorous as dropping the phisherman by sending back a shark, but it does a public service in pulling together victims of common crimes to aid others avoid being hit.

In time, these databases will be valuable and just having access to them could eventually come at a price.  Jump on them now while most are still free.


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
How Enterprises are Attacking the Cybersecurity Problem
Concerns over supply chain vulnerabilities and attack visibility drove some significant changes in enterprise cybersecurity strategies over the past year. Dark Reading's 2021 Strategic Security Survey showed that many organizations are staying the course regarding the use of a mix of attack prevention and threat detection technologies and practices for dealing with cyber threats.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-41163
PUBLISHED: 2021-10-20
Discourse is an open source platform for community discussion. In affected versions maliciously crafted requests could lead to remote code execution. This resulted from a lack of validation in subscribe_url values. This issue is patched in the latest stable, beta and tests-passed versions of Discour...
CVE-2021-42299
PUBLISHED: 2021-10-20
Microsoft Surface Pro 3 Security Feature Bypass Vulnerability
CVE-2021-42771
PUBLISHED: 2021-10-20
Babel.Locale in Babel before 2.9.1 allows attackers to load arbitrary locale .dat files (containing serialized Python objects) via directory traversal, leading to code execution.
CVE-2021-42764
PUBLISHED: 2021-10-20
The Proof-of-Stake (PoS) Ethereum consensus protocol through 2021-10-19 allows an adversary to cause a denial of service (delayed consensus decisions), and also increase the profits of individual validators, via short-range reorganizations of the underlying consensus chain.
CVE-2021-42765
PUBLISHED: 2021-10-20
The Proof-of-Stake (PoS) Ethereum consensus protocol through 2021-10-19 allows an adversary to leverage network delay to cause a denial of service (indefinite stalling of consensus decisions).